This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:

sudo 1.6.8p12-1ubuntu6.1

sudo-ldap 1.6.8p12-1ubuntu6.1

Ubuntu 8.04 LTS:

sudo 1.6.9p10-1ubuntu3.6

sudo-ldap 1.6.9p10-1ubuntu3.6

Ubuntu 8.10:

sudo 1.6.9p17-1ubuntu2.2

sudo-ldap 1.6.9p17-1ubuntu2.2

Ubuntu 9.04:

sudo 1.6.9p17-1ubuntu3.1

sudo-ldap 1.6.9p17-1ubuntu3.1

Ubuntu 9.10:

sudo 1.7.0-1ubuntu2.1

sudo-ldap 1.7.0-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that sudo did not properly validate the path for the ‘sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. (CVE-2010-0426) It was discovered that sudo did not reset group permissions when the ‘runas_default' configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2010-0427)